PT-2020-7062 · Smf · Smf

Brian Martin +1 · Published 2020-01-15 · Updated 2020-01-23 · CVE-2009-5068

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SMF versions through v2.0.3

Description: The issue allows co-admins in shared SMF deployments to read arbitrary files on the filesystem, potentially gaining new privileges by accessing sensitive information such as database passwords stored in settings.php. This is particularly concerning in configurations where co-admins are not fully trusted.

Recommendations: For versions through v2.0.3, update to a version newer than v2.0.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files such as settings.php to minimize the risk of exploitation.

Exploit

Fix

Cleartext Storage of Sensitive Information


Weakness Enumeration

Related Identifiers

CVE-2009-5068

Affected Products

Smf